The vulnerability described in this document can be eliminated
completely by logging into the affected Cisco Guard and Cisco Traffic Anomaly
Detector DDoS mitigation appliances and changing the default password for the
administrative root account to a strong password chosen by the
To change the default password you need to run the
passwd command once you have logged in as the
root user. The following interaction shows an example of a
change password dialog in a Cisco Traffic Anomaly Detector that is performed

    prompt$ ssh firstname.lastname@example.org
    Last login: Tue Nov 23 15:48:13 on ttyS0
    [root@DETECTOR root]# passwd
    Changing password for user root.
    New password: <new password typed in here>
    Retype new password: <new password typed in here>
    passwd: all authentication tokens updated successfully.

In order to perform this procedure you will need the default password.
To obtain this password customers must contact the Cisco TAC. Entitlement will
be checked so please have your product serial number available and give the URL
of this notice.
After changing the default password, the Cisco Guard and Traffic
Anomaly Detector will not accept root logins using the default
A reboot is not required for the new password to take effect, so
network operations will not be disrupted.
If affected customers do not wish to contact Cisco to obtain the
default password, it is possible to change the administrative account's
password by performing the password recovery procedure. This procedure is
documented at the following location:
As a security best practice, it is recommended that customers make use
of the access control feature that restricts connectivity to the SSH and
web-based management services to certain IP networks configured by the
administrator. Refer to the documentation for your Cisco Guard and Cisco
Traffic Anomaly Detector, specifically the permit
wbm and permit ssh commands, for
details on how to enable this feature. Having these access control mechanisms
in place may mitigate the vulnerability if it cannot be eliminated completely
by changing the default password as described above.